The Transport Layer Security (TLS) protocol is subject to intensive research resulting in a long list of TLS attacks discovered in the last decade. To test the resistance of a TLS server to attacks, several tools or services can be used nowadays, such as the famous Qualys SSL Server Test. Nevertheless, although a security administrator updates the TLS software and configuration, internal attacks or malicious code could change that TLS-installed code or its setting at any time to make it prone to attacks. Thus, either the TLS server configuration is checked continuously, or other techniques are needed to indicate that a running TLS server is potentially vulnerable to attacks. We propose TLS-Monitor, a TLS attack-aware network monitoring tool that inspects the traffic for a target system looking for known TLS vulnerabilities that may lead to attacks. Examples are the self-signed certificate(s) allowing to set up a man-in-the-middle attack or the TLS heartbeat extension for the Heartbleed attack. If a vulnerability is found, the proposed tool checks if the threat applies by launching specific TLS attacks. Ultimately it raises alarms and creates a report. The TLS-Monitor tool employs network monitoring tools, like Suricata and Zeek, and TLS attack tools, like TLS-Attacker or Metasploit. We successfully tested TLS-Monitor in a testbed environment for some selected attacks, including Heartbleed, MITM, and Bleichenbacher. We foresee to extend the tool in the future to support other TLS attacks. © 2023 IEEE.
TLS-Monitor: A Monitor for TLS Attacks / Berbecaru, Diana Gratiela; Petraglia, Giuseppe. - ELETTRONICO. - (2023), pp. 1-6. (Intervento presentato al convegno 2023 IEEE Consumer Communications & Networking Conference (2023) tenutosi a Las Vegas (USA) nel 8 - 11 January 2023) [10.1109/CCNC51644.2023.10059989].
TLS-Monitor: A Monitor for TLS Attacks
Berbecaru, Diana Gratiela;
2023
Abstract
The Transport Layer Security (TLS) protocol is subject to intensive research resulting in a long list of TLS attacks discovered in the last decade. To test the resistance of a TLS server to attacks, several tools or services can be used nowadays, such as the famous Qualys SSL Server Test. Nevertheless, although a security administrator updates the TLS software and configuration, internal attacks or malicious code could change that TLS-installed code or its setting at any time to make it prone to attacks. Thus, either the TLS server configuration is checked continuously, or other techniques are needed to indicate that a running TLS server is potentially vulnerable to attacks. We propose TLS-Monitor, a TLS attack-aware network monitoring tool that inspects the traffic for a target system looking for known TLS vulnerabilities that may lead to attacks. Examples are the self-signed certificate(s) allowing to set up a man-in-the-middle attack or the TLS heartbeat extension for the Heartbleed attack. If a vulnerability is found, the proposed tool checks if the threat applies by launching specific TLS attacks. Ultimately it raises alarms and creates a report. The TLS-Monitor tool employs network monitoring tools, like Suricata and Zeek, and TLS attack tools, like TLS-Attacker or Metasploit. We successfully tested TLS-Monitor in a testbed environment for some selected attacks, including Heartbleed, MITM, and Bleichenbacher. We foresee to extend the tool in the future to support other TLS attacks. © 2023 IEEE.File | Dimensione | Formato | |
---|---|---|---|
TLS-Monitor_A_Monitor_for_TLS_Attacks.pdf
non disponibili
Tipologia:
2a Post-print versione editoriale / Version of Record
Licenza:
Non Pubblico - Accesso privato/ristretto
Dimensione
802.63 kB
Formato
Adobe PDF
|
802.63 kB | Adobe PDF | Visualizza/Apri Richiedi una copia |
Pubblicazioni consigliate
I documenti in IRIS sono protetti da copyright e tutti i diritti sono riservati, salvo diversa indicazione.
https://hdl.handle.net/11583/2974452